BOSE, which is engaged in the development and production of audio equipment, reported data leakage as a result of an attack using a extortioner program. According to available data, the attackers conducted a successful campaign against Bose IT systems in March of this year.
In a written notice of hacking, which Bose was submitted to the General Prosecutor’s Office of New Hampshire, it says that the company “experienced a complex cyber-cider, which led to deploying malicious programs / extortion programs in its environment.” The company noted that BOSE employees first discovered malicious / extortionable software in the IT-systems of the American division of BOSE on March 7, 2021.
To restore access to BOSE IT systems, asked for help in a third-party company operating in the field of information security. We also needed the services of forensic experts who had to determine whether the attackers managed to access any confidential data of Bose. The company noted that Bose did not pay redemption for unlocking systems.
«We did not pay a ransom. We quickly restored and defended our systems with the support of third-party cybersecurity experts. During the investigation, we revealed a small number of persons whose data was compromised during the incident. We sent them notifications about this, in accordance with the requirement of legislation, “this issue commented on the Director of Media Works in Bose Joanne Berthiaume.
According to reports, during this incident, intruders received access to information on some former and existing BOSE employees. Although specialists did not find confirmation that these data were copied from BOSE systems, they do not exclude such a probability. After the attack Bose also involved third-party specialists to monitor Darknet, not the subject of the appearance of stolen data, but they were not able to detect them on the Internet.